CAN-SPAM, Canadian-style!

Last October, the Fighting Internet and Wireless Spam Bill (aka Bill C-28), the Canadian equivalent of the US CAN-SPAM act of 2003, came under fire as it faced strong lobbying from local businesses, who are looking to add amendments to the law and delay its formal implementation. This is part of an ongoing legal battle as the Bill, formerly known as the Electronic Commerce Protection Act (or Bill C-27) before its prorogation in 2009, had already faced similar criticism and debate before finally being passed by Parliament in December 2010.

You would think anti-spam legislation shouldn’t be a cause for such controversy, so to help understand the situation better and avoid having to sift through all the legalese involved, here’s a quick snapshot of the email dos and don’ts north of the border.

CAN-SPAM (US)

Bill C-28 (Canada)

Similarities

No false headers or subject lines

Valid postal address

Unsubscribe requirement

Cannot alter transmission data

Cannot perform address harvesting or send to harvested addresses

Liability for brands who knowingly allow spam to be sent on their behalf

Primarily Opt-In; Permission Based in writing, valid for two years only.

Private Right of Action (PRA) available to anyone such as individuals, businesses, etc.

Replies must go to an address that is monitored. May not use “no-reply” addresses.

Chief among concerns for the lobbyists is the current Bill’s requirement to obtain consent “in writing,” which they argue isn’t necessary as electronic or verbal consents should be enough, like in most countries. Also, the form requirements on commercial emails ask for a website address, even though many businesses are not yet online. Additionally, each group has their own concerns that apply only to their own business types (financial, industrial…), so this could take some time before all parties agree on a compromise and the law finally goes into effect. Final regulations and interpretations of the bill are currently slated for early 2012, when there will be further definition about the need to the date and source of opt-in information.

So, while we wait for all the legal wrangling to subside, here are some guidelines to preemptively avoid being flagged by the cyber-mounties:

Establish a baseline policy for all digital communications with subscribers.

Review the latest email policies to ensure compliance, as Bill C-28 regulations are more aggressive than the US-based CAN-SPAM ones.

Know that penalties can be as high as 1 million CAD per violation for individuals, and 10 million CAD per violation for organizations.

Move away from an opt-out (pre-checked) to an opt-in (not pre-checked) box on subscription forms.

Use preference centers so that subscribers can choose the timing and frequency with which they receive emails.

Capture when and where your subscribers signed up, especially if you are collecting sign ups by hand.

Never purchase or rent lists, or do email appends.

VerticalResponse has a strict anti-spam policy. All customers are required to adhere to the CAN-SPAM regulations. By adhering to VR’s strict Opt-In requirement for all email sent from our application this ensures compliance with nearly all global email marketing laws and guidelines.

Are you aware of any other international email regulations? Do they make sense to you? Do you believe these types of laws help companies such as yours run their business or, on the contrary, hinder them? Share away in the comments!

Resources:

Michael Geist’s blog, Canada Research Chair in Internet and E-commerce Law at the University of Ottawa, Faculty of Law